I am working on a cloud-based solution and I would like to encrypt / decrypt the data locally using either a SmartCard or local Machine certificate. I'm hoping to do this in JavaScript, but may resort to Silverlight, ActiveX, or Flash (in order of preference).

My idea is to use this in conjunction with broadcast encryption to allow for concurrent access to encrypted data in the cloud.

Is there an API common among smartcard vendors that exposes itself to the browser? (marked safe for scripting)

1 Answer
1

All major browsers support client SSL certificates for authentication of SSL/TLS tunnels.

However, doing any crypto directly in JavaScript is a bad idea, and as such the browsers do not allow any access to the certificates at all (in fact, they won't even give us extension APIs to implement Firefox extensions like Perspectives, Convergence and Certificate Patrol without some very ugly hacks and including our own implementations).

If you just want to use the browser implementation as is, then you are fine: you just send a command over ordinary HTTPS to tell it to generate a client certificate, or have your users import the certificate file into the browser, and make sure the server sends the optional "please send client cert" request in the TLS/SSL handshake. Of course, this does not allow local encryption.
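The server side of the optional client-certificate request described in the answer above, as an added example that is not part of the original answer. It assumes a Node.js HTTPS server (the page names no server stack); the function names and sample sockets are illustrative. When the request is optional the handshake no longer enforces validation, so the application has to check the verification result itself.

```javascript
// Added example (Node.js). Function names and sample data are assumptions.

// TLS options for a server that sends the optional client-certificate request.
function clientCertOptions(serverKeyPem, serverCertPem, clientCaPem) {
  return {
    key: serverKeyPem,
    cert: serverCertPem,
    ca: clientCaPem,            // CA(s) allowed to issue client certificates
    requestCert: true,          // ask the browser for a certificate in the handshake
    rejectUnauthorized: false,  // optional: handshake continues without a valid cert
  };
}

// Returns the certificate subject CN only when Node verified the chain
// against `ca`. An unverified certificate is still readable via
// getPeerCertificate(), so `authorized` must be checked first.
function clientIdentity(socket) {
  if (!socket.authorized) return null; // no cert sent, or chain did not verify
  const cert = socket.getPeerCertificate();
  if (!cert || !cert.subject || !cert.subject.CN) return null;
  return cert.subject.CN;
}

function handler(req, res) {
  const who = clientIdentity(req.socket);
  if (who === null) {
    res.writeHead(401, { "Content-Type": "text/plain" });
    res.end("client certificate required\n");
    return;
  }
  res.writeHead(200, { "Content-Type": "text/plain" });
  res.end(`hello ${who}\n`);
}

// Wiring; not called here because it needs real PEM material.
function startServer(pems, port) {
  const https = require("node:https");
  const opts = clientCertOptions(pems.key, pems.cert, pems.ca);
  return https.createServer(opts, handler).listen(port);
}

// Constructed stand-ins for TLS sockets, to show the decision offline.
const subject = { subject: { CN: "alice" } };
const verifiedSocket = { authorized: true, getPeerCertificate: () => subject };
const selfSignedSocket = { authorized: false, getPeerCertificate: () => subject };
console.log(clientIdentity(verifiedSocket), clientIdentity(selfSignedSocket));
```

This covers authentication of the TLS connection only; as the answer says, it gives the page no way to encrypt data locally with the certificate's key.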